GHOST Attack

Another exploit has been discovered which affects many Linux servers. The moniker is GHOST. During a code audit performed internally at Qualys, we discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it …

September Downtime Notice

We have scheduled a 6-hour downtime window on Sunday Sept 28 starting at 02:00 GMT. During this downtime we will be performing some major infrastructure upgrades including: New redundant routers, switches and firewalls. 10Gbps Internet connectivity to multiple carriers. New redundant 8Gbps fiber channel switching fabrics (A and B side fabrics) for storage. 5 …

All Bugzilla Accounts Upgraded to 4.4.5

Bugzilla 4.4.5 is a security release which addresses the following issue: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla’s JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. For more details see: https://bugzilla.mozilla.org/show_bug.cgi?id=1036213 …

Bugzilla API for Haskell

Version 0.2.1.1 of this package has been released. A Haskell interface to the Bugzilla native REST API. This package is designed to provide an easy-to-use, typesafe interface to querying Bugzilla from Haskell. See: http://hackage.haskell.org/package/bugzilla-0.2.1.1 or on GitHub: https://github.com/sethfowler/hsbugzilla